Penetration tests reveal a critical threat to e-shop operations

Customer type

An e-shop with more than 500 employees and an annual turnover of over 200 million CZK.

What situation did he deal with

For many years, the e-shop specializing in sports equipment has been using our guaranteed and shared internet connection via fiber optic networks with SOC (Security Operations) services. Over time, the customer observed instability in the internet connection, although our round-the-clock connectivity monitoring reported no fluctuations.

What we helped with

We therefore suggested that the client implement a remediation using penetration testing. After an initial analysis of the environment, we extended the tests from the internal network to the external network to verify a wider range of possible threats.

During the initial phase of the test, we overcame several applications to the internal network and gained full access to it. We were even able to do this on customer and supplier logistics and distribution applications in a matter of minutes, during normal operation. The breach was very fast due to a number of bugs in the applications used. We recommended modifying them to withstand potential attacks.

Due to the misconfigured architecture and related vulnerabilities, the IT department asked us to scan the history that could lead to possible theft of customer data. At the same time, we configured network and application protection that restored the required internet speed performance and ensured the protection of critical customer data through an additional product, namely high availability security.

What the solution brought

Penetration tests through simulation of attacks at the network and application level verified the ability of the customer’s systems to withstand real cyber attacks and unauthorized interference of employees (non/unaware). At the same time, consistent security of critical operational data and personal data of customers was implemented.

Benefits of implementing information risk management

  • Expose security holes in your traffic and data
  • Ensuring the necessary protection of your business-critical data and personal customer data
  • Penetration testing results will help your company revitalize the availability and integrity of data within the internal network and significantly protect the perimeter of the external network from attacks
© 2024 Faster.cz
Created by